Technology editor Wayne Rash took the Viewfinity Privilege
Management software for a test drive and summed up his findings in a product
review published in PC Magazine. The
review is comprehensive and represents the product fairly, earning 4 out of 5
stars with an editor’s rating of “Excellent”.

The information presented digs into the details of the
Viewfinity Privilege Management solution. The testing was performed via Viewfinity’s SaaS-based platform, and the review walks
the reader through a step-by-step approach to a project that removes admin
rights and then manages privilege elevation needs.

While the review is easy to follow and provides just the
right amount of detail to get a good overview and feel for the solution, the
more important point stressed by this technology expert is that
organizations should be paying attention to the local admin rights security
loophole. It’s been said over and over
by many security experts that removing local admin rights from your end users
is one of the most important ways to reduce the attack surface.

The most common
pathway to a data breach by far is the misuse of administrative rights on a
company data system. Normally this happens in either of two ways: The first way
is by stealing the credentials of someone with administrative rights and the
second way is by elevating the rights of an existing user. Once either is
accomplished, the data theft is often carried out by inserting a background
application that siphons off critical data and sends it to the criminals who
want it. Viewfinity Privilege Management and Application Control ($20 per user
per year) cloud-based services aim to prevent both of those scenarios.

More and more we are seeing that the need for cybersecurity
insurance, and other contingency plans, is driving how organizations view and
consume cybersecurity tools. Cybersecurity insurance providers need to see
that organizations are doing their due diligence in order to protect the assets
and privacy of their company, customers and other stakeholders.

Todd Bell of Enterprise Tech recently published an article, Getting Cybersecurity Insurance After a
Breach, outlining the struggles that organizations can face if they
fail to take the necessary steps to protect themselves and their assets before
a breach occurs. Pretty serious
challenges - it’s worth a read for anyone looking to better understand what
they might be up against.

As a place to start, Viewfinity offers a complimentary
tool which can provide a baseline for organizations to audit their endpoint
security posture with regard to who has local administrator rights. The Viewfinity
Local Admin Discovery is a free tool that allows you to discover user
accounts and groups that are members of the local “Administrators” built-in
user group on computers in your Windows domain.
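
The kind of audit described above can also be sketched with built-in PowerShell cmdlets. This is an added example, not Viewfinity's tool or code; the function name `Get-LocalAdminReport`, its parameters and the approved-RID list are assumptions, and it presumes Windows PowerShell 5.1 or later with PowerShell remoting enabled on remote targets.

```powershell
# Added example: report who is in the built-in local Administrators group.
# The function name, $ComputerName and $ApprovedRid are assumptions for illustration.
function Get-LocalAdminReport {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # RIDs accepted as administrators: 500 = built-in Administrator account,
        # 512 = Domain Admins group. Adjust to your own policy.
        [string[]]$ApprovedRid = @('500', '512')
    )

    # Runs on each target. S-1-5-32-544 is the well-known SID of
    # BUILTIN\Administrators, so this also works on localized Windows builds.
    $query = {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Member = $_.Name
                Class  = [string]$_.ObjectClass       # User or Group
                Source = [string]$_.PrincipalSource   # Local, ActiveDirectory, ...
                Sid    = $_.SID.Value
            }
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            $members = if ($computer -eq $env:COMPUTERNAME) {
                & $query                                  # local machine: no remoting
            } else {
                Invoke-Command -ComputerName $computer -ScriptBlock $query -ErrorAction Stop
            }
        } catch {
            # Unreachable host or failed query: record it instead of silently skipping.
            [pscustomobject]@{ Computer = $computer; Member = $null; Class = $null
                               Source = $null; Approved = $false; Error = $_.Exception.Message }
            continue
        }
        foreach ($m in $members) {
            $rid = ($m.Sid -split '-')[-1]                # last sub-authority of the SID
            [pscustomobject]@{
                Computer = $computer
                Member   = $m.Member
                Class    = $m.Class
                Source   = $m.Source
                Approved = $ApprovedRid -contains $rid
                Error    = $null
            }
        }
    }
}

# Members that hold local admin rights without being on the approved list.
Get-LocalAdminReport | Where-Object { -not $_.Approved } |
    Sort-Object Computer, Member | Format-Table -AutoSize
```

Rows with a non-empty `Error` column are hosts that could not be queried and still need to be checked by other means.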

If you have removed admin rights from the majority of your
end users, you can use the information provided by our tool as proof that you
have closed down this security loophole that hackers use regularly to penetrate
an infrastructure.

On a larger scale, Viewfinity
enables organizations to approach cybersecurity with a 1-2 punch: Application
Control combined with the ability to remove and manage admin rights, from a single
agent. Both of these capabilities are vital to avoiding cybersecurity
vulnerabilities and loopholes that serve as access points for hackers, Advanced
Persistent Threats (APTs), and sophisticated Zero-day attacks. Not to mention,
these tools offer the necessary capabilities to satisfy cybersecurity insurance
providers and potentially even reduce cybersecurity insurance premiums.

Year after year RSA has no trouble creating buzz, as
industry experts share knowledge and innovations related to IT security theories,
trends and facts. This year, however, one story stands out above the rest, and it comes
from John Pescatore of the SANS Institute. In the wake of so many data breaches
over the past few years, organizations are losing faith in the ability to stop
these infiltrations. Despite the pessimism, at RSA John Pescatore explained,
measure by measure, that data breach prevention is possible and that
organizations should not give up.

During his talk, Pescatore stressed the importance of having
a strong security portfolio which takes on security from various angles. He
used real-life examples of organizations who have been able to successfully
prevent data breaches using a multitude of approaches.

One of the organizations which Pescatore featured in his
talk was the Australian Government’s Department of Defense. According to
Pescatore, this governing body was able to realize
measurable reductions, cutting “the rate of successful malware
execution by nearly two-thirds by layering three security technologies” (Shea, 2015). These three
security technologies included application whitelisting, least-privilege
user access, and OS patch management.

Here is a quick breakdown on the results which they saw:

We’ve long been speaking about the top
4 mitigation strategies that the Australian Government has been
implementing for a long time now, and it’s great to see that they have realized
some strong measurable results. Clearly a layered security approach which
handles management of both users and applications is a key factor in preventing
these data breaches.

Viewfinity offers the only solution to combine the strength
of both privilege management and application control within the architectural
integrity of one single agent. If you’d like to find out more, join
us on Tuesday, April 28th at 2pm ET for a live webcast event: Advanced Endpoint Protection: Full Circle
Prevention-Detection-Remediation Based on a single Agent.

This
week Viewfinity announced the release of version 5.5 for Privilege Management
and Application Control GPO solutions. This latest release brings together an easy
to manage policy GUI, powerful forensic tools, and threat management and
remediation via collaboration with network security vendors.

This
release continues Viewfinity’s model to provide a full circle
prevention-detection-remediation solution based on the architectural integrity
of a single agent.

Viewfinity
will be previewing this latest release next week at RSA. Stop by booth #1046 in
the South Hall to see new capabilities first hand, or contact a Viewfinity representative today for a
private demo.

2013 was labeled “The Year of the Mega Breach” as more and
more consumer facing companies were ravaged by devastating POS attacks. 2014
has done nothing but prove that these types of attacks are only getting faster,
more frequent, and harder to detect.

The fact is that IT professionals are doing everything they
can to prevent these breaches. Unfortunately, as quickly as security practices
adapt, so do hackers and advanced malware. While there is no one-size-fits-all security
solution, here are select insights from industry experts sharing their
knowledge, and knowledge is power.

Jon Oltsik,
Senior Principal Analyst for ESG

“If Target
used some type of application controls (from Bit9, Kaspersky, McAfee,
Viewfinity etc.)… it may have had a better fighting chance.”

In Reducing Attack Surface with Application
Control, we look at the double-edged sword of application control, detail a
number of use cases where it fits well, and define selection criteria to
consider for the technology.

Paul Ducklin,
2009 winner of the AusCERT Director’s Award for Individual Excellence in
Computer Security
Ducklin stresses the importance of ensuring that 3rd party vendors
and contractors are amply protected, especially if the POS vendors access your
networks remotely.
More here.

Steven Norton,
The Wall Street Journal
“Rolling out EMV technology in brick-and-mortar stores is a step in the right
direction, but it won’t solve the entire security problem. While it can
significantly reduce fraud, it doesn’t take into account online transactions
and may not help companies identify larger threats to the point-of-sale
systems.” Steven Norton: Security Breaches Trigger Retail’s Big Players
to Call for Major Tech Challenges

Tracy Kitten, Bank
Info Security
“By educating merchants about compliance with the Payment Card Industry Data
Security Standard, or, in some cases, even providing network security services
to their merchant customers, banking institutions are playing a more aggressive
role in ensuring card fraud associated with point-of-sale attacks is
contained.” Tracy Kitten: Banks: How to Stop POS Breaches

When it comes to POS and retail security breaches,
unfortunately there is no easy button, no simple fix, but the strongest weapon
you have is knowledge. First and
foremost, organizations should adhere to the principle of least privilege;
removing admin rights can eliminate a large number of security loopholes. Application
whitelisting on POS devices ensures that only approved applications are running.
Finally, visibility into these activities with proper monitoring and forensic
analysis can help accelerate threat detection and remediation in the event that
a breach does occur.

Movado Group
Inc. implemented a corporate initiative to lock down its endpoint environment
to improve security. Once administrator
rights had been removed, Movado deployed Viewfinity Privilege Management and
used automated policies that resolve the challenges that arise from the removal
of admin rights. In addition to the
reduction in time-consuming support-related requests that occurred prior to
lock down, such as reimaging of malware-infected machines, Movado Group Inc.
was able to completely eradicate nuisance help desk calls within their
environment.

Project
Scope: Eliminate nuisance calls due to removal of admin rights and improve end
user productivity through faster resolution of IT issues.

Multiple
sales and distribution offices around the world, with over 1300 employees

Workforce
is comprised of 1100 endpoints 60/40 laptop/desktop

10%
of staff are mobile workers and 30% work in retail locations

The Situation
Breakdown

Challenge #1:
With a locked down environment employees were unable to perform day-to-day
tasks like printer installs, application upgrades etc. which were required for
their job functions.

Solution: Using Viewfinity, Movado Group Inc., was able to
run an audit of their environment for 30 days, identifying applications and
processes which required admin privileges.

Result: Within a month of rolling out Viewfinity, Movado
Group Inc. realized a complete eradication of nuisance calls. End users were
able to be self-reliant, handling day-to-day tasks such as printer installs and
Java updates without having to be granted admin rights.

Challenge #2:
The Movado Group IT staff spent a great deal of time making desk-side visits to
fix small problems, negatively impacting productivity as users waited for tech
support to arrive, and taking up valuable time for IT staff.

Solution: Movado Group Inc. was able to establish proactive
policies to handle elevation needs automatically. The policies were predefined
to fit actual user needs based on the Viewfinity Audit previously run.

Result: Rolling out Viewfinity helped to control unproductive
downtime and predict potential problem areas. End users are able to run updates
and install necessary applications on their own but the system is streamlined
and controlled from the backend. End users maintain the independence and
control they require being in regional offices but still receive the security
benefits of a locked down environment.

Apex
Companies uses Viewfinity to increase their IT security and harness the
process-based privilege management capabilities to lower desktop management
costs for a maximized ROI. Below is a breakdown of their success story as well
as a recording of their live use case presentation.

IT
staff is very lean, with only three support members responsible for all endpoints
spanning 35 geographically dispersed branch offices

Apex
saves hundreds of thousands of dollars in desktop management costs per year
with Viewfinity

IT
typically performed well over 500 installs on an annual basis, ranging from
simple upgrades to full application installs – Viewfinity reversed the
previously ineffective and costly method of deploying updates and handling
installs

The Situation
Breakdown

Challenge #1:
Must enforce stringent policies for network and system access

Solution: Move to a fully locked down environment with
privilege elevation on the application level, which removes the need for
providing individual users or groups access to admin rights.

Challenge #2:
Need to ensure all software is installed legally and that all applications have
valid licenses

Solution: Application whitelisting to allow control of which
processes, applications, versions etc. are allowed to run within the
environment.

Result: “Viewfinity’s reporting allows me to quickly
ascertain which applications are installed, how many are installed, when they
were installed, and on which computers. I use this information to budget as
well as to maintain license legality… With Viewfinity I have very accurate,
complete information.”

Challenge #3:
Need to provide timely support to end users despite lean IT staff and
geographically dispersed end users

Solution: Pre-defined policies and application whitelists can
enable end users to perform simple tasks (upgrades, installs, settings) without
having to contact IT support for help.

Result: Because of Viewfinity’s whitelisting capabilities,
users no longer need to contact Apex IT in order to perform routine updates or
whitelist installs. Viewfinity allowed Apex to realize a reduction of hundreds
of thousands of dollars in desktop management costs per year.

Financial institutions (JP
Morgan Chase and others), Retail Stores (Home
Depot, Target, Neiman Marcus), Restaurants (Dairy Queen, P.F. Chang’s),
Universities (University of Maryland, Iowa State University, Wisconsin State
University), Celebrities… If we’ve learned one thing this year it is that no
one is safe, no one is immune to sophisticated hackers, malware, advanced
persistent threats and zero-day attacks.

Here are some
more examples of breaches that you might not know about, but probably
should. Many of these breaches are now being attributed to "Backoff" malware, about which the Department of Homeland Security has recently issued an alert to businesses.

Despite IT teams working endlessly against these threats,
they are still getting through. The harder IT security teams work, the more
pervasive hackers and malicious bodies get. It seems like a never-ending,
extremely vicious cycle, and no single approach to security is enough. Experts in the analyst community do point to
the removal of administrative rights as a fundamental step in IT security:

“Run more of your Windows users without administrator
rights… the single most important way to improve endpoint security” ~ Neil
MacDonald, VP & Gartner Fellow

The SANS Institute: “The Critical Controls
represent the biggest bang for the buck to protect your organization against
real security threats… The five quick wins are:”

A smart move. Close
down security loopholes and vulnerabilities by removing admin rights and
controlling what applications can run in your environment. Here is a link to a
webinar that Viewfinity recently ran with renowned security
expert Marcus Murray: How
Hackers Exploit Admin Rights to Access Your Systems. The webinar does a
great job outlining the different security risks associated with excess admin
rights in your environment. It’s definitely worth a watch.

Additionally, at the end of this month we’ll be running a
webinar: Best Practices for Removing Admin Rights: A Step-by-Step Approach.
Keep an eye out for more information regarding this event. We highly recommend
this webinar if you have not removed admin rights, or have removed rights but
are looking for a streamlined and automated approach to managing privileges and
to cut down on IT overload. We know that your security teams are doing
everything they can, but they don’t have to do it alone. For more information
on the Viewfinity solutions and how we can help you pave the way to better IT
security, visit our website.

August 12th at 2pm ET we will be running a
webinar with Enterprise Security MVP and Microsoft Security Trusted Advisor,
Paula Januszkiewicz: Security
Vulnerabilities Associated with Having Local Administrator Rights. This
webinar will focus on the risks associated with having excess admin rights and
how Viewfinity can mitigate these risks. One of the main focuses of the webinar
will center on pass-the-hash scenarios; in preparation for the event we wanted
to make sure everyone was well versed on this dangerous risk.

So, what is pass-the-hash? … and no,
it has nothing to do with Twitter, or illegal substances. Pass-the-hash is when
hackers exploit excessive admin rights to steal the credentials of an admin.
It’s a complicated process, which is discussed fully in our white paper: How
Viewfinity Mitigates Pass-the-Hash. While we highly recommend reading this
white paper, we also wanted to share some key information to help readers
become more knowledgeable on the subject… after all, you must understand the
vulnerability in order to protect against it.

WHAT: Pass-the-hash is a technique which enables hackers to
use your own systems against you, by using administrator rights to steal admin
credentials and then use those credentials to gain access to your infrastructure.

WHERE: Pass-the-hash can infiltrate any server or service
that accepts LM or NTLM authentication; it can work against any operating system.

WHEN: Once a user name and password hash are obtained, a
hacker can then use that information to authenticate to a remote server and
have access to an entire infrastructure.

HOW: The hacker uses a user password’s underlying NTLM hash
to authenticate to a remote server/service.
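
Because the exposure depends on where NTLM authentication is accepted, a defender's first step is to inventory it. The following is an added example, not taken from the Viewfinity white paper; the function name `Get-NtlmNetworkLogon` and the event count are assumptions. It lists successful NTLM network logons recorded in a host's Security log so that unexpected accounts or source machines stand out.

```powershell
# Added example: inventory NTLM network logons recorded on this host.
# Run elevated; reading the Security log requires administrative rights.
function Get-NtlmNetworkLogon {
    param([int]$MaxEvents = 5000)   # assumption: the newest 5000 logon events are enough

    # Event ID 4624 = "An account was successfully logged on".
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $record = $_
            # Turn the event's <Data Name="..."> fields into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$record.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # LogonType 3 = network logon; keep only those authenticated with NTLM.
            if ($data['LogonType'] -eq '3' -and $data['AuthenticationPackageName'] -eq 'NTLM') {
                [pscustomobject]@{
                    Time        = $record.TimeCreated
                    Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                    SourceHost  = $data['WorkstationName']
                    SourceIp    = $data['IpAddress']
                    NtlmVersion = $data['LmPackageName']   # e.g. "NTLM V1" or "NTLM V2"
                }
            }
        }
}

# Which accounts reach this machine over NTLM, from where, and how often.
Get-NtlmNetworkLogon |
    Where-Object { $_.Account -notlike '*\ANONYMOUS LOGON' } |
    Group-Object Account, SourceIp, NtlmVersion |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Privileged accounts that appear in this list from workstations they do not normally use are the entries to review first.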

Pretty terrifying, huh? The good news is there are ways to
reduce the attack surface and stop these hackers in their tracks… the bad news
is that you will have to wait until next week to find out how.

Stay tuned for a follow up to our pass-the-hash discussion
and make sure to sign
up for the webinar on the 12th to learn how you can secure
against vulnerabilities that are associated with local admin rights.

Improving endpoint security is a difficult, but necessary
task. The good news is that Viewfinity offers resources to help you during
every stage of your project; whether your head is swimming trying to navigate
the ever changing security landscape, you are just learning what application
control can do for your organization, you’ve removed admin rights and are ready
for the next steps, or you are currently employing all of the top security strategies
and are looking for an easier way to manage your processes.

Take some time to check out the resources below that match
your needs best, or reach out directly to Viewfinity
and we can walk you through the process as smoothly as possible.

I have a
homegrown / Native MS system in place but would like to learn about
streamlining the process: Sign up for a One-On-One
demo with a Viewfinity Engineer

I am making
a decision soon and want to see your product: Register
for a Trial Eval

Viewfinity offers flexible application control and privilege
management solutions to meet whatever cyber security needs your company is
currently facing. Let us work with you to make this daunting process as
seamless as possible.

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.